package com.graduation.lastproject.util.shiro;


import com.graduation.lastproject.entity.Business;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

@Configuration
public class ShiroConfig {

    /**
     * 创建shirofilterfactoryBean对象，设置安全管理器
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(SecurityManager  securityManager){
      //创建ShiroFilterFatoryBean对象
        ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
        //设置安全管理器
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //拦截器.
        Map<String,String> filterChainDefinitionMap = new LinkedHashMap<String,String>();
        //设置身份验证 admin 必须登录后才能访问首页
        filterChainDefinitionMap.put("/admin/index","authc");
        filterChainDefinitionMap.put("/admin/index","roles[admin]");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
        shiroFilterFactoryBean.setLoginUrl("/admin/login");
        shiroFilterFactoryBean.setUnauthorizedUrl("/admin/login");
        //返回ShiroFilterFactoryBean对象
        return  shiroFilterFactoryBean;

    }

  /*   * 创建DefaultWebSecurityManager对象，关联realm
     * @param userRealm
     * @return
     **/

   /* @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(UserRealm userRealm){
        //创建DefaultWebSecurityManager对象
        DefaultWebSecurityManager defaultWebSecurityManager=new DefaultWebSecurityManager();
        //设置关联的realm
        defaultWebSecurityManager.setRealm(userRealm);
        //返回DefaultWebSecuritytManager对象
        return defaultWebSecurityManager;
    }*/

    /**
     * 注入UserRealm
     */


    @Bean
    public UserRealm getUserRealm(){
        UserRealm userRealm=new UserRealm() ;
        return userRealm;
    }
   /*注入BusinessRealm*/
    @Bean
    public BusinessRealm getBusqinessRealm(){
        BusinessRealm  business=new BusinessRealm() ;
        return business;
    }

    @Bean
    public AdminRealm getAdminRealm(){
        AdminRealm adminRealm=new AdminRealm() ;
        return  adminRealm;
    }

    /**
     * 系统自带的Realm管理，主要针对多realm 认证
     */
    @Bean
    public ModularRealmAuthenticator modularRealmAuthenticator() {
        //自己重写的ModularRealmAuthenticator
        LoginsModularRealmAuthenticator modularRealmAuthenticator = new LoginsModularRealmAuthenticator();
        modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
        return modularRealmAuthenticator;
    }

    @Bean
    public ModularRealmAuthorizer modularRealmAuthorizer() {
        //自己重写的ModularRealmAuthorizer
        LoginsModularRealmAuthorizer modularRealmAuthorizer = new LoginsModularRealmAuthorizer();
        return modularRealmAuthorizer;
    }

    /**
     * 核心的安全事务管理器LoginsModularRealmAuthenticator
     *
     * @return
     */
    @Bean
    public SecurityManager securityManager(){
        DefaultWebSecurityManager securityManager =  new DefaultWebSecurityManager();
        List<Realm> realms = new ArrayList<>();
        realms.add(getUserRealm());
        realms.add(getBusqinessRealm());
        realms.add(getAdminRealm());
        securityManager.setAuthorizer(modularRealmAuthorizer());
        securityManager.setAuthenticator(modularRealmAuthenticator()); // 需要再realm定义之前
        securityManager.setRealms(realms);
        return securityManager;
    }



}
